Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-1454 PoC — jeecg-boot qurestSql sql injection

Source
https://github.com/gobysec/CVE-2023-1454
Associated Vulnerability
Title:jeecg-boot qurestSql sql injection (CVE-2023-1454)
Description:A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
Description
jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454)
Readme
# CVE-2023-1454

## jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454)

|   **Vulnerability**  | **jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454)**  |
| :----:   | :-----|
|  **Chinese name**  | jeecg-boot 未授权SQL注入漏洞(CVE-2023-1454 |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [title=="JeecgBoot 企业级低代码平台"](https://fofa.info/result?qbase64=dGl0bGU9PSJKZWVjZ0Jvb3Qg5LyB5Lia57qn5L2O5Luj56CB5bmz5Y%2BwIg%3D%3Da) |
| **Number of assets affected**  | 3957 |
| **Description**  | JeecgBoot is a low -code development platform based on code generator. Java Low Code Platform for Enterprise web applications jeecg-boot(v3.5.0) latest unauthorized sql injection. |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |

![](https://s3.bmp.ovh/imgs/2023/03/24/3886eecddee5f04a.gif)

**[Goby Official URL: https://gobies.org/](https://gobies.org/)** 

If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:

1. GitHub issue: https://github.com/gobysec/Goby/issues
2. Telegram Group: http://t.me/gobies (Group benefits: enjoy the version update 1 month in advance) 
3. Telegram Channel: https://t.me/joinchat/ENkApMqOonRhZjFl (Channel benefits: enjoy the version update 1 month in advance) 
4. WeChat Group: First add my personal WeChat: **gobyteam**, I will add everyone to the official WeChat group of Goby. (Group benefits: enjoy the version update 1 month in advance)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →